Some of the programs operated by computers are required to be resistant to unauthorized tampering. Examples of such programs include programs handling personal information and programs utilized for copyright management. The programs handling important information such as personal information are desirably tamper-resistant because spread of tampered programs is a threat. The programs utilized for copyright management are, for example, programs that manage the number of content usages for the purpose of applying a usage restriction, and are also desirably tamper-resistant because tampering with the programs in order to avoid the usage restriction is a threat. Apart from these examples, there is also a threat of modifying programs, developed by software development vendors, to be sold by other companies, and a threat of modifying game programs despite the intentions of the copyright holders, which creates a demand for program-tampering prevention techniques.
Among conventional tampering prevention techniques is one utilizing a tampering check. This technique is to detect tampering by calculating a hash value/checksum of a program in a memory and then judging whether or not the calculated hash value/checksum is equal to a precalculated hash value/checksum.
FIG. 1 is a diagram showing a program which includes a conventional tampering check process. In FIG. 1, a function f1 represents a process instruction group on which the tampering check is to be performed (protection target). The function f1 is assumed to be a program held in a computer memory for execution, and held specifically at addresses 0300 to 0400 in the memory. A function f2 represents a tampering check process. A process instruction “tmp=0; for(a=0300;a<0400;a++){tmp+=*a;}” represents a process (a hash calculation process) for repeating, from the address 0300 to the address 0400, an operation of reading data stored in a variable “a” and adding the read value to a variable “tmp”. This process enables calculation of a sum (checksum) of data from the address 0300 to the address 0400.
A process instruction “if(tmp!=SUM){exit( );}” represents a process (judgment/termination process) for judging whether or not the calculated checksum equals SUM, and continuing the process when the judgment indicates true whereas terminating the process when the judgment indicates false. Here, SUM is the precalculated checksum of the function f1. Therefore, if no tampering has been performed with the function f1, SUM and tmp have the same value, however, if tampering has been performed with the function f1, SUM and tmp have different values. As a result, one is able to find out whether or not tampering has been performed with the function f1 based on whether or not SUM and tmp have the same value.
FIG. 2 is a diagram for describing a process performed by a conventional tampering-prevention-process generation apparatus.
The conventional tampering-prevention-process generation apparatus (instruction generation apparatus) obtains an input program containing a protection target code, and generates a tamper-resistant program by adding a tampering check process to the input program. The protection target code corresponds to the above mentioned process instruction group represented by the function f1, and the tamper-resistant program corresponds to the program shown in FIG. 1.
Execution of such a tamper-resistant program by a computer involves a judgment on whether or not the hash value (checksum) of the protection target code is correct, and detection of tampering performed with the protection target code when the hash value is judged to be incorrect.
In such a manner, the conventional tampering-prevention-process generation apparatus adds the tampering check process to the input program to prevent execution of the input program containing the tampered protection target code.
Apart from the tampering check, there is a tampering prevention technique implemented by monitoring program behaviors. Patent Reference 1 discloses a technique of detecting program tampering by incorporating into a program in advance a process instruction for performing a predetermined behavior, and monitoring the actual program behavior at the time of the program execution to check whether or not the incorporated behavior will actually be exhibited.
Patent Reference 1: Japanese Unexamined Patent Application Publication No. 2005-173903